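<?php
// Gate the page behind a logged-in session.
// header() only queues the redirect; without exit the rest of this script,
// including the POST handler that creates accounts and assigns roles, would
// still run for a request that has no session.
// NOTE(review): only the presence of $_SESSION['Username'] is checked. Confirm
// whether this administrator page should also require an admin flag.
session_start();
if (!isset($_SESSION['Username'])) {
    header("location:login.php");
    exit;
}
?>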

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Administrator Approve Users</title>
<link href="css/default.css" rel="stylesheet" type="text/css" />
<script language="JavaScript" src="scripts/rand_password.js"></script>
<?php include('includes/path.php'); ?>

</head>

<body class="oneColFixCtrHdr">

<div id="container">
<?php include( 'includes/header.php' ); ?>
<?php include( 'includes/menu.php' ); ?>
<?php include ('includes/status.php'); ?>

  <div id="mainContent">
     <?php
	// db.php is expected to define the connection variables used
	// further down this page: $HOST, $USER, $PASS and $DB.
	include('db.php');

    ?>
<!--      <p><a href="admin.php">Back to Admin Page</a></p> -->
      <form action="" method="POST" enctype="multipart/form-data" name="addAccounts" target="_parent">
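          <?php
            // Handles the "Update Users" POST. For every row index below the
            // posted row count it (1) deletes the pending request whose checkbox
            // was ticked and (2) copies a pending request into Users when a
            // matching password/confirmation pair was entered for it.
            //
            // Every value placed in SQL is escaped with mysql_real_escape_string();
            // htmlspecialchars() is an HTML encoder and does not neutralise quotes
            // for SQL.
            // NOTE(review): ext/mysql is removed in PHP 7. Escaping keeps this block
            // on the API the file already uses; mysqli/PDO prepared statements are
            // the long-term fix.
            // NOTE(review): this handler creates accounts and grants manager/admin
            // roles without an anti-CSRF token, and it depends on the session check
            // at the top of the page having stopped unauthenticated requests.
            // Confirm both.
            $TABLE = "New_Accounts";
            $TABLE2 = "Users";

            $CON = mysql_connect( $HOST, $USER, $PASS );

            if (!$CON){
                die('Could not connect: ' . mysql_error());
            }

            mysql_select_db( $DB );

            // The row count is client-supplied, so force it to an integer before
            // using it as the loop bound.
            $rowNum = isset($_POST['numberOfRows']) ? (int) $_POST['numberOfRows'] : 0;
            while ($rowNum > 0)
            {
                $rowNum--;

                // A ticked "Del" checkbox posts the email of the request to discard
                // under the bare row index.
                $tmp = (isset($_POST[$rowNum]) ? htmlspecialchars($_POST[$rowNum]) : '');
                if (!empty($tmp))
                {
                    $SQL = "DELETE from New_Accounts where(email) ='" . mysql_real_escape_string($tmp, $CON) . "'";
                    mysql_query($SQL);
                }

                $currentPass = "passName".$rowNum;
                $currentConfirmation = "confirmName".$rowNum;
                $aType = "accountType".$rowNum;

                $password = (isset($_POST[$currentPass]) ? htmlspecialchars($_POST[$currentPass]) : '');
                $confirmation = (isset($_POST[$currentConfirmation]) ? htmlspecialchars($_POST[$currentConfirmation]) : '');
                $type = (isset($_POST[$aType]) ? htmlspecialchars($_POST[$aType]) : '0');

                // New records are only added if both password and confirmation are
                // the same. Strict comparison: with ==, two different numeric-looking
                // strings (e.g. "1e3" and "1000") compare equal.
                if (($password === $confirmation) and ($password !== '')) {
                    $currentEmail = "email".$rowNum;
                    $email = (isset($_POST[$currentEmail]) ? htmlspecialchars($_POST[$currentEmail]) : 'no email found!!');
                    $emailSql = mysql_real_escape_string($email, $CON);

                    $QRY = "SELECT * FROM $TABLE WHERE email = '$emailSql'";

                    $RESULT = mysql_query($QRY);
                    if (!$RESULT) {
                        echo "Cound not run query! ".htmlspecialchars(mysql_error());
                    }
                    else {
                        $ROW = mysql_fetch_row($RESULT);
                        if (!$ROW) {
                            // The posted email matches no pending request. Without
                            // this guard a forged POST would create a Users row (with
                            // any requested role) for an address nobody registered.
                            continue;
                        }

                        // Column order as this page reads it:
                        // email, first name, last name, question, answer.
                        $new_email = $ROW[0];
                        $new_first_name = $ROW[1];
                        $new_last_name = $ROW[2];
                        $new_question = $ROW[3];
                        $new_answer = $ROW[4];

                        // NOTE(review): unsalted MD5 is not a password hash. Moving to
                        // password_hash()/password_verify() has to be done together
                        // with the login code, which is not visible from this file.
                        $password = md5($password);

                        // accountType: "1" = manager, "2" = administrator, anything else = plain user.
                        $man = 0;
                        $adm = 0;
                        if ( $type == "1" ) { $man = "1"; }
                        if ( $type == "2" ) { $adm = "1"; }

                        // Duplicate check. The original built this query in single
                        // quotes, so "$email" was sent literally and the check never
                        // matched an existing login.
                        $sqlcheck = "SELECT COUNT(*) AS total FROM Users WHERE login = '$emailSql'";
                        $querycheck = mysql_query($sqlcheck);
                        if (!$querycheck) {
                            echo "ERROR:".htmlspecialchars(mysql_error());
                            continue;
                        }
                        $rowcheck = mysql_fetch_assoc($querycheck);
                        $total = $rowcheck ? (int) $rowcheck['total'] : 0;

                        // The pending request is removed only when the user exists
                        // afterwards, so a failed INSERT does not lose the request.
                        $removeRequest = false;

                        if ($total > 0) {
                            // Login already present in Users: nothing to insert, just
                            // clear the stale request.
                            $removeRequest = true;
                        }
                        else {
                            // Values read back from New_Accounts are escaped as well;
                            // they originate from the registration form.
                            $QRY2 = sprintf(
                                "INSERT INTO Users(user_id, first_name, last_name, login, password, manager, admin, question, answer) 
                                    VALUES (0, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s')",
                                mysql_real_escape_string($new_first_name, $CON),
                                mysql_real_escape_string($new_last_name, $CON),
                                $emailSql,
                                $password,
                                $man,
                                $adm,
                                mysql_real_escape_string($new_question, $CON),
                                mysql_real_escape_string($new_answer, $CON)
                            );
                            if (!(mysql_query($QRY2))) {
                                echo "ERROR:".htmlspecialchars(mysql_error());
                            }
                            else {
                                echo "Records added to Users Tables";
                                $removeRequest = true;
                            }
                        }

                        if ($removeRequest) {
                            // The user is in the Users table, so drop the record from New_Accounts.
                            $SQL2 = "DELETE from New_Accounts where(email) ='$emailSql'";
                            mysql_query($SQL2);
                        }
                    }
                }
            }
          ?>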
      </form>





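 <?php
        // Renders the list of pending account requests as a form: one row per
        // New_Accounts record with a delete checkbox, password and confirmation
        // inputs and an account-type selector, followed by the submit controls
        // and a hidden row count.
        //
        // The email column is escaped before it is written into the page, both as
        // text and as an attribute value. Without that, markup stored in
        // New_Accounts would be rendered in the administrator's browser.
        // NOTE(review): the form carries no anti-CSRF token; adding one needs a
        // matching check in the POST handler.
        // NOTE(review): "5p09x" in the first table style looks like a typo for "5px".

        $TABLE = "New_Accounts";
        $ROW_NUMBER = 0;

        $CON = mysql_connect( $HOST, $USER, $PASS );

        if (!$CON)
        {
            die('Could not connect: ' . mysql_error());
        }

        mysql_select_db( $DB );
        $QRY = 'SELECT * FROM ' . $TABLE;

        echo '<div  align ="center">
	<form action="" method="POST" enctype="multipart/form-data" name="addAccounts" target="_parent">
	<table style="width: 50%; border: 5p09x #aba groove;" align="center">';

        echo '<table style="width: 100%; border: 5px #aba groove;">';
        echo '<tr style="background-color: #77C48E;"><th colspan=6>New Accounts</th></tr>';
        echo '<tr style="background-color: #D6B376;"><th style="text-align: center; width:50px;">Del</th><th style="text-align: center; width: 400px;">Email</th>
            <th style="text-align: center;">Password</th><th style="text-align: center;">Confirm Password</th><th>Acct Type</th></tr>';

        $RESULT = mysql_query($QRY);
        // A failed query yields false; skip the loop instead of passing false to
        // mysql_fetch_array().
        while ($RESULT && ($ROW = mysql_fetch_array($RESULT)))
        {
            // Field names carry the row index so the POST handler can pair them up.
            $rowNumString = (string)($ROW_NUMBER);
            $passVar = "passName".$rowNumString;
            $passValueVar = "passValue".$rowNumString;
            $confirmVar = "confirmName".$rowNumString;
            $confirmValueVar = "confirmValue".$rowNumString;
            $rowEmail = "email".$rowNumString;
            $type = "accountType".$rowNumString;

            // ENT_QUOTES also encodes single quotes, so the value is safe inside
            // the double-quoted attributes below. The browser decodes the entities
            // again, so the posted value equals the stored email.
            $safeEmail = htmlspecialchars($ROW['email'], ENT_QUOTES);

            // Alternate the row background colour.
            echo '<tr style="background-color: #';
            if ( $ROW_NUMBER % 2 ){ echo 'FFF;"'; }
            else { echo 'DEDEDE;"'; }
            echo '><td><input type="checkbox" name="'.$ROW_NUMBER.'" value="'.$safeEmail.'"/></td><td>' . $safeEmail . '</td>
                    <input type="hidden" name="'.$rowEmail.'" value="'.$safeEmail.'">
                    <td style="text-align: right;"><input type="text" name="'.$passVar.'" value="" /></td>
                    <td style="text-align: right;"><input type="text" name="'.$confirmVar.'" value=""  /></td>
		    <td style="text-align: right;">
		    <select name="'.$type.'">
  			<option value="0">User</option>
  			<option value="1">Manager</option>
  			<option value="2">Administrator</option>
		   </select>
			</td></tr>';
            $ROW_NUMBER++;
        }

        echo '<tr><td  style="height:25px;"></td></tr>';
        echo '<tr><td style="text-align: right;"></td><td style="text-align: right;">
            <input type="button" onClick="passLabel.value = randPass()" value="Generate Random Password">
            <input type="text" id="passLabel" name="passLabel" /></td><td style="text-align: right;">
            <input type="submit" value="Update Users" onClick="passLabel.value = Blank_TextField_Validator()"></td></tr>';
        // The row count tells the POST handler how many indexed field groups to read.
        echo '<input type="hidden" name="numberOfRows" value="'.$ROW_NUMBER.'">';
        echo '</table></form></div>';

?>        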

      

  <!-- end #mainContent --></div>
<?php include('includes/footer.php'); ?>
<!-- end #container --></div>
</body>
</html>
